[Samba] Replication issue after upgrade - 3221225524 / WERR_FILE_NOT_FOUND

Alexandros Karypidis akarypid at yahoo.gr
Sun May 28 13:56:35 UTC 2023


 Hello,
Thank you, the requested info (see /etc/krb5.conf below) clearly shows the issue: when setting up DC1 I must've pressed enter on the default value for the domain...
Is this fixable by stopping the daemon, editing the file and restarting? Should I make DC2 the FSMO, delete DC1 and then recreate it using DC2 as the golden copy (with the proper domain)?


root at dc1 ~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 dc1 dc1.default.lan
#Required for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
# --- BEGIN PVE ---
192.168.9.201 dc1.ad.home.lan dc1
# --- END PVE ---

root at dc2 ~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 dc2 dc2.ad.home.lan
#Required for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
# --- BEGIN PVE ---
192.168.42.201 dc2.ad.home.lan dc2
# --- END PVE ---
==============================================
root at dc1 ~# cat /etc/hostname
dc1

root at dc2 ~# cat /etc/hostname
dc2
==============================================
root at dc1 ~# cat /etc/resolv.conf
# --- BEGIN PVE ---
search ad.home.lan
nameserver 127.0.0.1
# --- END PVE ---

root at dc2 ~# cat /etc/resolv.conf
# --- BEGIN PVE ---
search ad.home.lan
nameserver 127.0.0.1
# --- END PVE ---
==============================================

root at dc1 ~# cat /etc/krb5.conf
[libdefaults]
        default_realm = DEFAULT.LAN
        dns_lookup_realm = false
        dns_lookup_kdc = true
[realms]
DEFAULT.LAN = {
        default_domain = default.lan
}
[domain_realm]
        dc1 = DEFAULT.LAN

root at dc2 ~# cat /etc/krb5.conf
[libdefaults]
        default_realm = AD.HOME.LAN
        dns_lookup_realm = false
        dns_lookup_kdc = true
[realms]
AD.HOME.LAN = {
        default_domain = ad.home.lan
}
[domain_realm]
        DC2 = AD.HOME.LAN





On Sunday, 28 May 2023 at 13:06:24 BST, Rowland Penny via samba <samba at lists.samba.org> wrote:

On 28/05/2023 11:43, Alexandros Karypidis via samba wrote:
> Hello,
> I have a domain with two controllers (DC1/DC2) based on Turnkey Linux domain controller V16.2 (Samba v4.9.5). I just finished upgrading to V17.1 (Samba v4.17.3) using a new temporary controller DC3.
> Things seem to have worked, I have DC1/DC2 running the new version and can login to the domain (computer accounts are present, users/groups seem fine, etc). HOWEVER, when I try replication now I get the following errors:
>
> ERROR 1: Try sync from DC1 to DC2 - error 3221225524 (some object not found):
> root at dc1 ~# samba-tool drs replicate DC2 DC1 DC=ad,DC=home,DC=lan --full-sync
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to DC2 failed - drsException: DRS connection to DC2 failed: (3221225524, 'The object name is not found.')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect
>     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 71, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
>
> ERROR 2: Try sync from DC2 to DC1 - error WERR_FILE_NOT_FOUND:
> root at dc1 ~# samba-tool drs replicate DC1 DC2 DC=ad,DC=home,DC=lan --full-sync
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 570, in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 100, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
>
> Any idea why replication now fails? Logging in with RSAT's "Active Directory Users and Computers" seems to show the contents fine on both controllers.
> -------------------
> The process used to perform the upgrade is below:
> - Create a third DC3 using V17.1 and transfer all FSMO to it
> - Demote/remove DC1
> - Demote/remove DC2
> - Recreate DC1 with V17.1 and rejoin domain
> - Recreate DC2 with V17.1 and rejoin domain
> - Transfer all FSMO to DC1
> - Demote/remove DC3
> Now, one thing I noticed is that when demoting a DC it was still a member of the domain, so to completely remove it I used the RSAT app on Windows to delete the computer (including subtree). That was the only "quirk" during the process. After removing the DC I ran a "dbcheck" to fix any references to the removed name...
> 

Can you post your /etc/hosts, /etc/hostname, /etc/resolv.conf and 
/etc/krb5.conf files, sanitised if need be.

Rowland
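
An added example, not part of the thread: a Python check that compares a DC's krb5.conf default_realm, /etc/hosts FQDNs and resolv.conf search domain against the AD DNS domain, run over the file contents posted above. The function names are the example's own, and ad.home.lan is assumed as the expected domain because the replicate commands use DC=ad,DC=home,DC=lan.

```python
import re

def clean(line):  # drop comments and surrounding whitespace
    return line.split("#", 1)[0].strip()

def default_realm(krb5):
    """Return default_realm from the [libdefaults] section of krb5.conf text."""
    section = None
    for line in map(clean, krb5.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and line.startswith("default_realm"):
            return line.partition("=")[2].strip()
    return None

def host_fqdns(hosts, short):
    """Return {address: fqdn} for each /etc/hosts line that names the host."""
    out = {}
    for fields in (clean(l).lower().split() for l in hosts.splitlines()):
        if short in fields[1:]:
            fqdn = [n for n in fields[1:] if n.startswith(short + ".")]
            out[fields[0]] = fqdn[0] if fqdn else short
    return out

def check_dc(short, domain, hosts, resolv, krb5):
    """List the places where a DC's files disagree with the AD DNS domain."""
    problems = []
    realm = default_realm(krb5)
    if realm != domain.upper():
        problems.append(f"krb5.conf default_realm={realm}, want {domain.upper()}")
    for addr, fqdn in host_fqdns(hosts, short).items():
        if fqdn != f"{short}.{domain}":
            problems.append(f"hosts {addr} -> {fqdn}, want {short}.{domain}")
    search = [f[1:] for f in (clean(l).split() for l in resolv.splitlines()) if f[:1] == ["search"]]
    if not any(domain in s for s in search):
        problems.append(f"resolv.conf search lacks {domain}")
    return problems

# File contents as posted in the thread, abridged (IPv6 hosts lines and [domain_realm] left out).
RESOLV = "# --- BEGIN PVE ---\nsearch ad.home.lan\nnameserver 127.0.0.1\n# --- END PVE ---\n"
DC1_HOSTS = "127.0.0.1 localhost\n127.0.1.1 dc1 dc1.default.lan\n192.168.9.201 dc1.ad.home.lan dc1\n"
DC2_HOSTS = "127.0.0.1 localhost\n127.0.1.1 dc2 dc2.ad.home.lan\n192.168.42.201 dc2.ad.home.lan dc2\n"
KRB5 = "[libdefaults]\n  default_realm = {0}\n  dns_lookup_kdc = true\n[realms]\n{0} = {{\n  default_domain = {1}\n}}\n"

if __name__ == "__main__":
    for name, hosts, realm in (("dc1", DC1_HOSTS, "DEFAULT.LAN"), ("dc2", DC2_HOSTS, "AD.HOME.LAN")):
        files = (hosts, RESOLV, KRB5.format(realm, realm.lower()))
        print(name, check_dc(name, "ad.home.lan", *files) or "consistent")
```

The check only reports where the files disagree; it does not change anything on the DC.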
